supervisor: allow chown

supervisor.te

@@ -1,4 +1,4 @@
-policy_module(supervisor, 0.1.18)
+policy_module(supervisor, 0.1.19)
 
 ########################################
 #
@@ -44,7 +44,7 @@ init_system_domain(supervisorctl_t,supervisorctl_exec_t)
 # Local policy
 #
 
-allow supervisor_t self:capability sys_tty_config;
+allow supervisor_t self:capability  { sys_tty_config chown };
 allow supervisor_t self:fifo_file { ioctl read write getattr };
 allow supervisor_t self:process setpgid;
 allow supervisor_t self:capability { setuid setgid };
@@ -58,6 +58,8 @@ miscfiles_read_localization(supervisor_t)
 dev_read_urand(supervisor_t)
 kernel_read_system_state(supervisor_t)
 
+init_manage_utmp(supervisor_t)
+
 read_files_pattern(supervisor_t,supervisor_etc_t,supervisor_etc_t)
 search_dirs_pattern(supervisor_t,supervisor_etc_t,supervisor_etc_t)
 allow supervisor_t supervisor_etc_t:dir read;